On Sun, Dec 16, 2007 at 12:47:15PM +0100, Gabor Gombas wrote:
> Package: mozilla-venkman
> Version: 0.9.87.2-1
> Severity: critical
> Tags: security
> Justification: root security hole
> 
> 
> Hi,
> 
> mozilla-venkman.preinst contains:
> 
>         #! /bin/sh
> 
>       find . -maxdepth 1 -mindepth 1 > /tmp/findddddddddddd
> 
> Just do an "ln -s /etc/shadow /bin/findddddddddddd" as any user before
> installing the package, and watch the fireworks.
> 
> Btw. why the heck does the preinst script need to dump the contents of
> the root directory to a file that is never used?

Damn I have no idea. The file was not even version tracked in my repo...
The file dates from January 2007, the previous upload was in November
2006, so it means it was never in a release before...
I think I did some tests a while ago, but can't remember why I needed
that...

Mike
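
The report above turns on a maintainer script, run as root, that redirects output to a fixed name in /tmp. As an added example (not part of this thread or of the package), the script below puts that pattern beside an mktemp-based one and checks, inside a throwaway sandbox directory, whether the target of a pre-planted symlink survives. The function names and the sandbox layout are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example; function names and sandbox layout are assumptions.

# Pattern from the report: fixed name, and ">" follows an existing symlink
# and truncates whatever it points to.
write_listing_unsafe() {    # $1 = dir to list, $2 = temp dir
    find "$1" -maxdepth 1 -mindepth 1 > "$2/findddddddddddd"
}

# Hardened: mktemp chooses an unpredictable name and creates the file
# exclusively (mode 0600), so a pre-planted link is never opened.
write_listing_safe() {
    listing=$(mktemp "$2/listing.XXXXXXXXXX") || return 1
    find "$1" -maxdepth 1 -mindepth 1 > "$listing"
    printf '%s\n' "$listing"
}

# Constructed demo: plant a symlink at the predictable name inside a
# throwaway sandbox, run one variant, report whether the target survived.
demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/tmp" "$sandbox/root"
    : > "$sandbox/root/a"
    printf 'secret\n' > "$sandbox/victim"
    ln -s "$sandbox/victim" "$sandbox/tmp/findddddddddddd"
    "write_listing_$1" "$sandbox/root" "$sandbox/tmp" > /dev/null
    result=$(cat "$sandbox/victim")
    rm -rf "$sandbox"
    if [ "$result" = "secret" ]; then echo intact; else echo clobbered; fi
}

echo "fixed name in temp dir: $(demo unsafe)"
echo "mktemp:                 $(demo safe)"
```

On Linux, fs.protected_symlinks=1 stops root from following another user's link in a sticky world-writable directory, but a maintainer script should not depend on that setting being enabled.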



